Friday, May 3, 2019

BGP prefix-list question

Hey networking,

Had a quick question in regards to BGP outbound filtering using prefix-list.

My configuration below:

router bgp 65000
 template peer-session NEIGHBOR-SESSION
  remote-as 65001
  timers 10 40
  password RedditBruh
 template peer-policy NEIGHBOR-POLICY
  route-map NEIGHBOR-OUTBOUND out
  soft-reconfiguration inbound
 !
 network 172.16.0.0 mask 255.255.224.0
 neighbor 192.168.1.1 inherit peer-session NEIGHBOR-SESSION
 !
 address-family ipv4
  neighbor 192.168.1.1 inherit peer-policy NEIGHBOR-POLICY
!
route-map NEIGHBOR-OUTBOUND
 match ip address prefix-list OUTBOUND
!
ip prefix-list OUTBOUND seq 5 permit 172.16.0.0/19
ip prefix-list OUTBOUND seq 10 deny 0.0.0.0/0 le 32
!

If I run a "show ip bgp neighbor 192.168.1.1 advertised-routes", it shows that I am correctly advertising the /19.

However, if someone on the other side needs to reach 172.16.5.0/24, which is part of the /19, it fails; there's no reachability at all.

In order to make it work, I have to create a new statement in the prefix-list allowing the specific 172.16.5.0/24, and then it works.

ip prefix-list OUTBOUND seq 5 permit 172.16.0.0/19
ip prefix-list OUTBOUND seq 6 permit 172.16.5.0/24
ip prefix-list OUTBOUND seq 10 deny 0.0.0.0/0 le 32

I thought that the /19 outbound would cover anything that falls under the /19, including the 5.0/24 network. So people on the other side trying to reach the 5.0/24 should have no problem, correct?

Can someone shed some light on why this is?

EDIT: I understand that not allowing the /24 through will mean that the other side won't see it, since it doesn't have any ge/le statements, it will only allow the /19 through. However, this is more of a case as to why my BGP peer isn't using the /19 to reach the /24, when clearly the /24 falls under the /19. The /19 should serve as a catch all for all 172.16/19 networks trying to reach me; I shouldn't have to allow all my specific prefixes through for this to work.
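The matching rule the EDIT describes (an entry without ge/le matches only a route of exactly that prefix length, and the first matching sequence wins, with an implicit deny at the end) can be checked offline. The following is an added model of that prefix-list logic, not anything from the post or from Cisco; the class and function names are my own, and the three lists replay the OUTBOUND prefix-list from the post plus a hypothetical variant using "le 24".

```python
import ipaddress
from typing import List, Optional, Tuple

class PrefixListEntry:
    """One 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' line."""
    def __init__(self, seq: int, action: str, prefix: str,
                 ge: Optional[int] = None, le: Optional[int] = None):
        self.seq = seq
        self.action = action                       # "permit" or "deny"
        self.net = ipaddress.ip_network(prefix, strict=False)
        self.ge = ge
        self.le = le

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # The route's leading bits must fall inside the entry's prefix.
        if not route.subnet_of(self.net):
            return False
        plen = route.prefixlen
        if self.ge is None and self.le is None:
            return plen == self.net.prefixlen      # exact length only
        lo = self.ge if self.ge is not None else self.net.prefixlen
        hi = self.le if self.le is not None else route.max_prefixlen
        return lo <= plen <= hi

def evaluate(entries: List[PrefixListEntry], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, seq) of the first matching entry, or the implicit deny."""
    r = ipaddress.ip_network(route, strict=False)
    for e in sorted(entries, key=lambda e: e.seq):  # lowest seq first
        if e.matches(r):
            return e.action, e.seq
    return "deny", None                             # implicit deny at end of list

# Constructed lists mirroring the post: original, with the extra /24, and with 'le 24'.
OUTBOUND = [PrefixListEntry(5, "permit", "172.16.0.0/19"),
            PrefixListEntry(10, "deny", "0.0.0.0/0", le=32)]
OUTBOUND_WITH_24 = [PrefixListEntry(5, "permit", "172.16.0.0/19"),
                    PrefixListEntry(6, "permit", "172.16.5.0/24"),
                    PrefixListEntry(10, "deny", "0.0.0.0/0", le=32)]
OUTBOUND_LE24 = [PrefixListEntry(5, "permit", "172.16.0.0/19", le=24),
                 PrefixListEntry(10, "deny", "0.0.0.0/0", le=32)]

if __name__ == "__main__":
    for name, plist in (("OUTBOUND", OUTBOUND), ("OUTBOUND_WITH_24", OUTBOUND_WITH_24),
                        ("OUTBOUND_LE24", OUTBOUND_LE24)):
        for route in ("172.16.0.0/19", "172.16.5.0/24", "172.16.5.0/25"):
            print(name, route, evaluate(plist, route))
```

The "le 24" variant widens what the filter lets out to every /20 through /24 inside the /19, so it is a broader advertisement policy than the single seq 6 line, not an equivalent one.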
